Tuesday, April 20, 2021

Unpatched Java flaw Hit in Targeted Attacks, Researchers Say

Computerworld: Researchers from several security firms are warning about a new attack which targets a vulnerability in Java 7 Update 6, the latest version of Java. The attack code is hosted by a website with a Chinese IP address and delivers malware from servers in Singapore. The malware appears to be a variation of Poison Ivy, a Trojan used for cyberespionage.

“This vulnerability is not a ‘memory corruption’ type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction,” explained Carsten Eiram of security vendor Secunia. “In this specific case a file is downloaded and executed on the user’s system when just visiting a web page hosting a malicious applet.”

Oracle has not said when it will release a patch for the problem. “We are not aware of any fixes or workarounds except disabling/uninstalling Java,” noted Eiram.

Similar articles

Latest Articles

IT Planning During a...

Without a doubt, 2020 changed everything. I like to compare it to a science fiction movie where time travel is involved. Clearly, we have...

Best Data Quality Tools...

Data quality is a critical issue in today’s data centers. The complexity of the Cloud continues to grow, leading to an increasing need for...

NVIDIA’s New Grace ARM/GPU...

This week is NVIDIA’s GTC, or GPU Technology Conference, and they likely should have changed the name to ATC because this year – it...

What is Data Segmentation?

Definition of Data Segmentation Data segmentation is the process of grouping your data into at least two subsets, although more separations may be necessary on...